CVE-2024-43890

EPSS 0.01%
Veröffentlicht 26.08.2024 11:15:04
Zuletzt bearbeitet 03.11.2025 22:18:17
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix overflow in get_free_elt()

"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.

Once it overflows, new elements can still be inserted into the tracing_map
even though the maximum number of elements (`max_elts`) has been reached.
Continuing to insert elements after the overflow could result in the
tracing_map containing "tracing_map->max_size" elements, leaving no empty
entries.
If any attempt is made to insert an element into a full tracing_map using
`__tracing_map_insert()`, it will cause an infinite loop with preemption
disabled, leading to a CPU hang problem.

Fix this by preventing any further increments to "tracing_map->next_elt"
once it reaches "tracing_map->max_elt".

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.7 < 4.19.320

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.282

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.224

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.165

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.105

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.46

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.5

Linux ≫ Linux Kernel Version6.11 Updaterc1

Linux ≫ Linux Kernel Version6.11 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.018

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6

Patch

https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c

Patch

https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5

Patch

https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8

Patch

https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143

Patch

https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da

Patch